Security Archive: Remembering security incidents to make sure we don’t commit the same mistakes over and over again.
Jan 17th, 2008. Everyone who visited perl.com, the site of the famous programming language Perl, was redirected to a porn site hosted at grepblogs.net. Uh-oh, when was it hacked? Did anyone compromise the Perl source code? What about the accounts at perl.com, were they stolen?
During these incidents, people tend to overreact and assume the worst. However, what happened was very simple… This was the official explanation:
What mistakes did they make:
What can we learn from it, and how can we protect ourselves?
- Limit the amount of external content you embed on your site. If you need ads, choose a reputable company that will not go away and will take security seriously.
- Monitor the content of what you include on your site. If you have to use scripts from remote locations, regularly check that the provider is still in business, that the script is still responding properly, and that it has not been compromised.
- The best advice: whenever possible, store your content locally, where you can control it.
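One way to automate the monitoring advice above, as an added example that is not part of the original post: it lists the external scripts a page embeds and compares each one against a SHA-256 pin recorded when the script was last reviewed. The hosts, script bodies, `audit_external_scripts` and the injected `fetch` callable are all constructed for illustration; a real check would pass a function that performs the HTTP request.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse
class ScriptSrcParser(HTMLParser):
    """Collects the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def audit_external_scripts(html, own_host, pinned, fetch):
    """pinned: {url: sha256 of the reviewed copy}; fetch(url) -> (status, final_url, body)."""
    parser = ScriptSrcParser()
    parser.feed(html)
    findings = []
    for src in parser.sources:
        host = urlparse(src).netloc
        if not host or host == own_host:
            continue  # stored locally, under our control
        if src not in pinned:
            findings.append((src, "unreviewed external script"))
            continue
        status, final_url, body = fetch(src)
        if status != 200:
            findings.append((src, f"not responding properly (HTTP {status})"))
        elif urlparse(final_url).netloc != host:
            findings.append((src, "redirected to another host"))
        elif hashlib.sha256(body).hexdigest() != pinned[src]:
            findings.append((src, "content changed since review"))
    return findings

# Constructed sample data: every host, path and script body below is invented.
ADS = "https://ads.example.net/banner.js"
STATS = "https://stats.example.org/count.js"
WIDGET = "https://widgets.example.com/w.js"
PAGE = (f'<script src="/js/site.js"></script><script src="{ADS}"></script>'
        f'<script src="{STATS}"></script><script src="{WIDGET}"></script>')
PINNED = {ADS: hashlib.sha256(b"showAd('banner');").hexdigest(),
          STATS: hashlib.sha256(b"count();").hexdigest()}
SERVED = {ADS: b"/* changed upstream */ showAd('banner');", STATS: b"count();"}
def fake_fetch(url):
    return 200, url, SERVED[url]

if __name__ == "__main__":
    for url, finding in audit_external_scripts(PAGE, "www.example.com", PINNED, fake_fetch):
        print(f"{url}: {finding}")
```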
What do you think? What additional steps can we take to avoid issues like this?